[ISN] Why Intel's ID tracker won't work

From: mea culpa (jerichoat_private)
Date: Wed Jan 27 1999 - 08:45:46 PST

  • Next message: mea culpa: "[ISN] Crypto can save lives"

    Forwarded From: Ken Williams <jkwilli2at_private>
    
    Why Intel's ID tracker won't work
    By Bruce Schneier, ZDNN
    January 26, 1999 4:45 PM PT
    URL: http://www.zdnet.com/zdnn/stories/comment/0,5859,2194863,00.html
    
    Last Thursday Intel Corp. announced that its new processor chips would
    come equipped with ID numbers, a unique serial number burned into the chip
    during manufacture. Intel said that this ID number will help facilitate
    e-commerce, prevent fraud and promote digital content protection. 
    
    Unfortunately, it doesn't do any of these things. 
    
    To see the problem, consider this analogy: Imagine that every person was
    issued a unique identification number on a national ID card. A person
    would have to show this card in order to engage in commerce, get medical
    care, whatever. Such a system works, provided that the merchant, doctor,
    or whoever can examine the card and verify that it hasn't been forged. Now
    imagine that the merchants were not allowed to examine the card. They had
    to ask the person for his ID number, and then accept whatever number the
    person responded with. This system is only secure if you trust what the
    person says. 
    
    The same problem exists with the Intel scheme. 
    
    Too easy to hack 
    
    Yes, the processor number is unique and cannot be changed, but the
    software that queries the processor is not trusted. If a remote Web site
    queries a processor ID, it has no way of knowing whether the number it
    gets back is a real ID or a forged ID. Likewise, if a piece of software
    queries its processor's ID, it has no way of knowing whether the number it
    gets back is the real ID or whether a patch in the operating system
    trapped the call and responded with a fake ID. Because Intel didn't bother
    creating a secure way to query the ID, it will be easy to break the
    security.
    
    As a cryptographer, I cannot design a secure system to validate
    identification, enforce copy protection, or secure e-commerce using a
    processor ID. It doesn't help. It's just too easy to hack. 
    
    This kind of system puts us in the same position we were in when the
    government announced the Clipper chip: Those who are engaged in illicit
    activities will subvert the system, while those who don't know any better
    will find their privacy violated. I predict that patches that randomize
    the ID number will be available on hacker Web sites within days of the new
    chips hitting the streets. 
    
    The real question 
    
    The only positive usage for processor IDs is the one usage that Intel said
    they would not do: Stolen processor tracking.  Pentium II chips are so
    valuable that trucks are hijacked on the highways, sometimes resulting in
    drivers being killed. A database of stolen processor IDs would drop the
    market for stolen CPUs to zero: Board manufacturers, computer companies,
    resellers and customers could simply query the database to ensure that
    their particular CPU wasn't stolen.  (This is the primary usage for
    automobile VINs.) This same system could be used to prevent manufacturers
    from overclocking their CPUs -- running them faster than Intel rated them
    for -- another thing that Intel would love to prevent.
    
    The real question is whether computers are a dangerous technology, and
    need to be individually tracked like handguns and automobiles. During the
    Cold War many Eastern European countries required mimeograph machines to
    be individually licensed; I have a hard time believing that computers need
    the same sorts of controls. 
    
    Bruce Schneier is the president of Counterpane Systems and the author of
    "Applied Cryptography." 
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:17:25 PDT